Responsible Disclosure

Service to help ensure a safe and secure environment for all users

Practice-Web is providing this service to help ensure a safe and secure environment for all users.

If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing them to ResponsibleDisclosure@fullsteam.com.

This policy applies to Practice-Web hosted applications and to any other subdomains or services associated with products. Practice-Web does not accept reports for vulnerabilities that solely affect marketing websites containing no sensitive data.

Security Researcher Guidelines

Security researchers must not:

  • Engage in physical testing of facilities or resources.
  • Engage in social engineering.
  • Send unsolicited electronic mail to Practice-Web users, including “phishing” messages.
  • Execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks.
  • Introduce malicious software.
  • Execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems.
  • Test in a manner which could degrade the operation of Practice-Web systems; or intentionally impair, disrupt, or disable Practice-Web systems.
  • Test third-party applications, websites, or services that integrate with or link to or from Practice-Web systems.
  • Delete, alter, share, retain, or destroy Practice-Web data, or render Practice-Web data inaccessible.
  • Use an exploit to exfiltrate data, establish command line access, establish a persistent presence on Practice-Web systems, or "pivot" to other Practice-Web systems.

 

Security researchers may:

  • View or store Practice-Web nonpublic data only to the extent necessary to document the presence of a potential vulnerability.

 

Security researchers must:

  • Cease testing and notify us immediately upon discovery of a vulnerability.
  • Cease testing and notify us immediately upon discovery of an exposure of nonpublic data.
  • Purge any stored Practice-Web nonpublic data upon reporting a vulnerability.

 

Thank you for helping to keep Practice-Web and our users safe!